When I updated Drupal to 7.24, the status report instructed me to twiddle my .htaccess files per security advisory SA-CORE-2013-003, so I did. And then my site unthemed itself. A quick trip to the error log revealed the problem, and even the solution: change FollowSymLinks to SymLinksIfOwnerMatch.
In short, my webhost does not permit the use of the FollowSymlinks option for security reasons, but they do permit the somewhat more secure SymLinksIfOwnerMatch directive. The log was full of stuff along the lines of ...public_html/files/.htaccess: Option FollowSymLinks not allowed here, referer: http://hyperlogos.org/admin/reports/status and the like. So I tried disabling FollowSymlinks and reloading, and I got Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden which had the solution right in. Here's a quick piece of shell to fix this for all .htaccess files:
for i in `find . -type f -name .htaccess -exec grep -il FollowSymLinks '{}' \;`
do
chmod u+w $i
sed -ie 's/FollowSymLinks/SymLinksIfOwnerMatch/ig' $i
chmod u-w $i
done
You could glue it all together with semicolons on a single line. My host write-protects the .htaccess files automagically, so the files need to be made writable before editing in-place by sed. I had to run this command from my home, because tmp is outside public_html as it should be. This also twiddled the .htaccess in the copy of drupal I have unpacked, but that's a feature and not a bug in case I forget about this the next time I have to go to the shell, which is approximately only when there's a new drupal core.